Updating and Monitoring LB plug-in with Web Server 7.0
My previous blog talks about setting up an SSL connection between DAS and the load balancer (Web Server 6.0). With that connection in place, configuration changes can be pushed from DAS (Domain Administration Server) to the load balancer automatically, which avoids manually copying loadbalancer.xml. Monitoring data about the load balancer can also be obtained once SSL is set up. The following instructions cover setting up the load balancer in SSL mode with Web Server 7.0.
Instructions to install the load balancer (Web Server 7.0) and enable the 9.0 features:
Please install Web Server 7 Preview 2. Make sure you do not use the default directory on Windows (Program Files/Sun/WebServer7); choose a directory whose path does not contain any spaces, otherwise the create-selfsigned-cert command fails. This bug is fixed in the upcoming Web Server 7 Preview 3 release. Once the web server is installed in a non-default directory, start the admin server as follows:
The Sun Java System Web Server 7.0 Administration Server service is starting....
The Sun Java System Web Server 7.0 Administration Server service was started successfully.
Get the config name of the server instance by using the wadm command.
Please enter admin-user-password>
Sun Java System Web Server 7.0-Technology-Preview-2 B06/19/2006 16:59
wadm> list-configs
CHAND-NT
I will be working with the CHAND-NT configuration. Most commands need the --config parameter, so instead of typing that over and over, I'll set it once:
Then create a self-signed certificate as follows:
With the certificate installed, I now need a listener on some port which will have SSL enabled. I'll need a default virtual server associated with a listener, so first I want to check what virtual servers are configured so far:
CHAND-NT
OK, there is only one (the default) virtual server here, so I'll go with that one:
Finally I need to set a few things on my new SSL listener: at the very least it needs to be enabled and it needs to be associated with the nickname of the cert it's going to use:
wadm>set-ssl-prop --http-listener=http-listener-ssl server-cert-nickname=MyServerCert
After all the configuration is done, I just need to deploy this new configuration and start my server:
wadm>start-instance
I can now go and check https://CHAND-NT:8090 from a browser to verify the setup is working.
Please export the DAS certificate by executing the command
Please import the DAS certificate into the web server instance.
If obj.conf does not contain the following lines, please insert them at the end of obj.conf:
<Object ppath="*lbconfigupdate*">
PathCheck fn="get-client-cert" dorequest="1" require="1"
</Object>
<Object ppath="*lbgetmonitordata*">
PathCheck fn="get-client-cert" dorequest="1" require="1"
</Object>
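To confirm after editing that obj.conf really enforces client certificates on the load balancer endpoints, a small check can be run over the file. This is an added example, not part of the original post or of the product: the function names and the sample obj.conf text are constructed, and the list of ppath patterns is a parameter you should match to your own obj.conf.

```python
import re

# ppath patterns to audit. "*lbgetmonitordata*" appears in the post;
# "*lbconfigupdate*" is the companion pattern from the load balancer
# plug-in documentation (adjust if your obj.conf differs).
LB_PPATHS = ("*lbconfigupdate*", "*lbgetmonitordata*")

OBJECT_RE = re.compile(r'<Object\b([^>]*)>(.*?)</Object>', re.S | re.I)
PARAM_RE = re.compile(r'([\w-]+)\s*=\s*"([^"]*)"')

def params(text):
    """Return the name="value" pairs of an <Object> tag or directive line."""
    return dict(PARAM_RE.findall(text))

def requires_client_cert(body):
    """True if the block has a PathCheck get-client-cert that explicitly
    sets dorequest="1" and require="1", as in the lines above."""
    for line in body.splitlines():
        line = line.strip()
        if not line.startswith("PathCheck"):   # skips comments and other stages
            continue
        p = params(line)
        if (p.get("fn") == "get-client-cert"
                and p.get("dorequest") == "1" and p.get("require") == "1"):
            return True
    return False

def audit_lb_objects(conf_text, ppaths=LB_PPATHS):
    """Map each expected ppath to 'ok', 'no-client-cert' or 'missing'."""
    result = {p: "missing" for p in ppaths}
    for attrs, body in OBJECT_RE.findall(conf_text):
        ppath = params(attrs).get("ppath")
        if ppath in result and result[ppath] != "ok":
            result[ppath] = "ok" if requires_client_cert(body) else "no-client-cert"
    return result

# Constructed sample: one endpoint is protected, the other only requests a
# certificate (require="0") and so would still serve a client without one.
SAMPLE = '''<Object name="default">
PathCheck fn="find-index" index-names="index.html"
</Object>
<Object ppath="*lbconfigupdate*">
PathCheck fn="get-client-cert" dorequest="1" require="0"
</Object>
<Object ppath="*lbgetmonitordata*">
PathCheck fn="get-client-cert" dorequest="1" require="1"
</Object>
'''

if __name__ == "__main__":
    for ppath, status in audit_lb_objects(SAMPLE).items():
        print(f"{status:15} {ppath}")
```

Any status other than ok means that endpoint is reachable over the SSL listener without a verified client certificate.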
You can verify the above setup from DAS. From the appserver admin GUI, create a cluster and a load balancer. Instead of using the local CA, you can use any other CA and server certificate. In that case you skip steps 5 and 6, but you need to import the server certificate you obtained from the other CA.
From CLI, the following creates the load balancer and sets it up, so that DAS posts the configuration changes automatically to that load balancer.
Give the web server host and HTTPS listener port as the device host and port. Click on test connection to test the connection. By default, a load balancer created from the GUI uses an SSL connection to connect to the load balancer device.
Posted at 10:58AM Sep 21, 2006 by sv96363 in General